Analysis
-
max time kernel
149s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
12/02/2024, 20:20
General
-
Target
2024-02-12_ce09de74a24ae5891ffdaf2b69c0b5d1_goldeneye.exe
-
Size
372KB
-
MD5
ce09de74a24ae5891ffdaf2b69c0b5d1
-
SHA1
dba92e1d8f7c659907c6bfa5626dc7c07be54a36
-
SHA256
8f461d836a5540a2c43018397ccea692206512053f77ca03ea6daf48484210e7
-
SHA512
829308d90942e0c266f0894f92eaf609d99c73c4c498bd6d675bf530e6e1e015dc4f70c66c3542059802a5af2fa2d401ab0d4925766cd541afe1578745125d5f
-
SSDEEP
3072:CEGh0oXlMOiNOe2MUVg3bHrH/HqOYGte+rcC4F0fJGRIS8Rfd7eQEcGcrTutTBfM:CEG9lkOe2MUVg3vTeKcAEciTBqr3
Malware Config
Signatures
-
Auto-generated rule 12 IoCs
-
Modifies Installed Components in the registry 2 TTPs 24 IoCs
-
Executes dropped EXE 12 IoCs
-
Drops file in Windows directory 12 IoCs
-
Suspicious use of AdjustPrivilegeToken 12 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-02-12_ce09de74a24ae5891ffdaf2b69c0b5d1_goldeneye.exe"C:\Users\Admin\AppData\Local\Temp\2024-02-12_ce09de74a24ae5891ffdaf2b69c0b5d1_goldeneye.exe"1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{04687E54-7EBD-4a32-9A3D-2B6641EF1799}.exeC:\Windows\{04687E54-7EBD-4a32-9A3D-2B6641EF1799}.exe2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{DD9DEBF1-622B-40cb-81D0-FC5A7BA84606}.exeC:\Windows\{DD9DEBF1-622B-40cb-81D0-FC5A7BA84606}.exe3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{DD9DE~1.EXE > nul4⤵
-
-
C:\Windows\{B207D69D-FA72-4bb4-8D25-112D5DB73A23}.exeC:\Windows\{B207D69D-FA72-4bb4-8D25-112D5DB73A23}.exe4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{8AB81FDA-A863-4f30-9893-60CA8DC40770}.exeC:\Windows\{8AB81FDA-A863-4f30-9893-60CA8DC40770}.exe5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{B27F7A5F-07DD-4342-8221-365BEA397E1C}.exeC:\Windows\{B27F7A5F-07DD-4342-8221-365BEA397E1C}.exe6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{F368AB53-23DC-4495-B599-F5B0A07F1442}.exeC:\Windows\{F368AB53-23DC-4495-B599-F5B0A07F1442}.exe7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{937453AF-C144-4284-89FB-108B8C95F3FB}.exeC:\Windows\{937453AF-C144-4284-89FB-108B8C95F3FB}.exe8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{AD397681-EF0E-439c-8A5C-7942FE835076}.exeC:\Windows\{AD397681-EF0E-439c-8A5C-7942FE835076}.exe9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{D79C3D90-4810-4afb-915E-3E0AB7149993}.exeC:\Windows\{D79C3D90-4810-4afb-915E-3E0AB7149993}.exe10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{A6EBA3E8-4FAB-4867-B53D-ADD2AD46B493}.exeC:\Windows\{A6EBA3E8-4FAB-4867-B53D-ADD2AD46B493}.exe11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\{0918B047-F01F-420d-A7F5-188BA003CCA1}.exeC:\Windows\{0918B047-F01F-420d-A7F5-188BA003CCA1}.exe12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\{62024203-7C9A-4ea8-B9D0-A67F35F12170}.exeC:\Windows\{62024203-7C9A-4ea8-B9D0-A67F35F12170}.exe13⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{0918B~1.EXE > nul13⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{A6EBA~1.EXE > nul12⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{D79C3~1.EXE > nul11⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{AD397~1.EXE > nul10⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{93745~1.EXE > nul9⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{F368A~1.EXE > nul8⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B27F7~1.EXE > nul7⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{8AB81~1.EXE > nul6⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{B207D~1.EXE > nul5⤵
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Windows\{04687~1.EXE > nul3⤵
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\2024-0~1.EXE > nul2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
372KB
MD50c72e1d20e4ec4b4ef4bd7ff4ab73c07
SHA117778a3e6d0611714c95f8627d5861a297cbf82e
SHA2561a9702db01e41b170660aa32362d223bc137e7405270436b1532b16cf13679c4
SHA5124aa7e31a576e70b11dcad78ac5ad31cfbdfd68132e200799a360546c32a4d20f5ae96e89d33ec9ef851f374a2e39058603cc044b082195a3ad0297d886e9ce58
-
Filesize
372KB
MD58953b78be4526c4ef97e9a016129df67
SHA10f76bb1b9d7f99eb2368da22ba0c693b61892bc4
SHA256dec43d0651589eaf2d21ea4492c68889ed6b9890a39ec752d0625a3b61dff98c
SHA512ad7562e99d8f94b91682fab1853eeaacb4a756c1113c628e25e67c4efe75334cb052939777832ad9bcb9b1a219ffd7f15fd761f7e8ccf832f241155dc6b67a2e
-
Filesize
372KB
MD555e8e9cd84788c61c53eccf67997ec3b
SHA1e8e803074d0109b3c3660965e77948c77ebcd4ae
SHA25638578dc26d99bb4546b41e5b0d18aab46d18577bdd03075fab5aaabbd91ed30f
SHA512eff5eeba628614df0e953268afa7d671156e0f92ec5b9d7928cd6936bcabc6f62642c2deae3f23817d11acfd607aeef04d884123298f3a0963b266ee4d81a91a
-
Filesize
372KB
MD56ac7ad01273ec0a246679868dc8a021a
SHA15c1965cf3cbca9e3524e5429689939bd3c7bde9f
SHA256b298231b45a875a0a4220b133535c31463d3f6b25efbf68ca9ef44fa86bdb952
SHA512c6297640e688a6f6907434604a2a6e5a12aef3fd90c613314942768777f1e8727a8e16b4697907f197383b8c0fb76f1add8ee07882c88bf45b265b77e3b3e0bd
-
Filesize
372KB
MD5aeb7e5c89ac87a3990c24f3b84dc1f16
SHA1ba81b096ca7c9a53f1be51801a4803ab1eff05e5
SHA2562bc60973f083439406948e267cd8bb40e2a26be081b90246bbb2b8586511cef5
SHA512c1654e83c0c14454c6a70566bbad1020448675b1aa71bae0fe08d21a2492c9245497c5ff63584a79b1c2dc8ca3f1ba8527559fae632daba79c11e659e862663c
-
Filesize
372KB
MD5dc238d0f8ca701a7f54b731360a534fa
SHA1bd26bd8626025d1bbcf6afbbd22455be7678c58e
SHA256d8f0d01978072f71cef95b39bac627f82e6b8946329814e2c00a090a2898de18
SHA51273420a7a406bdcf7502915fe0ab3e4a0086303e06f2d0148148b81bf82a87250efa91d7b0e8d382692a154aa32d6af77027a556516df319c07a70a5185eb484e
-
Filesize
372KB
MD50f41429610d90388a2d4ba1e96f71a3c
SHA158b30f988ead08b2b2512640c1f96b088c0cb9e5
SHA2567a5d9cf093968f30d18842d62021c06ab28b5d0471de09fc15a83cbfbde33ea1
SHA5120783b08607c6231668d76f50346bab855223d92342a42f8118e5c06dbe28ed41ed9c982f6ad45aa8ed436386ffb90cb5e737e47445ab1f0be29f62d3453dbf82
-
Filesize
372KB
MD510ba2c407efb5f79e9b6607b9801d048
SHA1772a00afcc0edd8fc8f2220eec54ca52628bfe5d
SHA2566945706cac43c49442b51af70df332c7008b7f677aefc8b15f93ff0b48333abc
SHA5122bc7f5b0ac6ff076ee263d0978e40bd3ce8216226cc5ec2dfaab9ca992731e18cd5ca1c41eeb107d5e38750688b3b9b7925e569756f441b81df9e76c5286b5b4
-
Filesize
372KB
MD54bbb1a18934c5bf5222ff20900ef0849
SHA1be81c7f49bc45fe2ad796d8b93ac1c0c229a50ef
SHA256bb333ccbd11f0cb663988ab4a3caf7ef926eea67107c023b7ec7cc8efeb5f68e
SHA512c8022189c44b26f65fd60c681bdf070424e66e8ca925ba4ae592e166f4fe40d8331ddc8762e2d7016fb2deff35480127b60a5f5d0133775ad60ce1160d738df7
-
Filesize
372KB
MD51430bac2d77b092872748487339b7918
SHA1447d0430d9f303f6ea4963488d5be50ba0af6337
SHA2560e4956a0cad33cd79d31ad58935b8b76656e8d4d959d7f9d3e5bd4d1e342c30e
SHA51293926d9dcb46be260b6d6df811bee680c49ff0a329dbb3dfd7e3492c4c1b8036311a6dba29a14f7af09810c2ff8e9a2c575b6b3ffde4cc18e595117e8108b92c
-
Filesize
372KB
MD54632beefc3e6f60ed5817bf208f6937c
SHA13a96a1f195b3220de26cc3e015983b7980f42cbf
SHA25692962211e8fa774e458539e0f8d6ac048c1c3b282f15086b87452ee4dccc5e26
SHA5121e0e795621b88c58649bd89d99ecc85dbd70a169e89c943454322aa1f54c94db6e0b59dfc6caa1dc39ff617046e8c873f4928431964380c2868fe3d5a1b136bc
-
Filesize
372KB
MD58d01a7b620b0020bcfc3667f824fd098
SHA1f5d47892d27a9f72a75b46fd852a973f1c1ac981
SHA2560123ea592ce66fb5759a70e829839a19902e5b27789c89cb3f38636e5ab25f53
SHA51219ce3773a7507615bc15c78dbd9e34920402f3e42a5a8d2dc47b2f9f80ba45a55d58aba33f6249503273419c0a52fcdf445b167ca451a5257c1b732f57a436ff